Access Analyzer 2019-11-01
- Client: Aws\AccessAnalyzer\AccessAnalyzerClient
- Service ID: accessanalyzer
- Version: 2019-11-01
This page describes the parameters and results for the operations of the Access Analyzer (2019-11-01), and shows how to use the Aws\AccessAnalyzer\AccessAnalyzerClient object to call the described operations. This documentation is specific to the 2019-11-01 API version of the service.
Operation Summary
Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- ApplyArchiveRule ( array $params = [] )
Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
- CreateAnalyzer ( array $params = [] )
Creates an analyzer for your account.
- CreateArchiveRule ( array $params = [] )
Creates an archive rule for the specified analyzer.
- DeleteAnalyzer ( array $params = [] )
Deletes the specified analyzer.
- DeleteArchiveRule ( array $params = [] )
Deletes the specified archive rule.
- GetAnalyzedResource ( array $params = [] )
Retrieves information about a resource that was analyzed.
- GetAnalyzer ( array $params = [] )
Retrieves information about the specified analyzer.
- GetArchiveRule ( array $params = [] )
Retrieves information about an archive rule.
- GetFinding ( array $params = [] )
Retrieves information about the specified finding.
- ListAnalyzedResources ( array $params = [] )
Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.
- ListAnalyzers ( array $params = [] )
Retrieves a list of analyzers.
- ListArchiveRules ( array $params = [] )
Retrieves a list of archive rules created for the specified analyzer.
- ListFindings ( array $params = [] )
Retrieves a list of findings generated by the specified analyzer.
- ListTagsForResource ( array $params = [] )
Retrieves a list of tags applied to the specified resource.
- StartResourceScan ( array $params = [] )
Immediately starts a scan of the policies applied to the specified resource.
- TagResource ( array $params = [] )
Adds a tag to the specified resource.
- UntagResource ( array $params = [] )
Removes a tag from the specified resource.
- UpdateArchiveRule ( array $params = [] )
Updates the criteria and values for the specified archive rule.
- UpdateFindings ( array $params = [] )
Updates the status for the specified findings.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
ApplyArchiveRule
$result = $client->applyArchiveRule([/* ... */]);
$promise = $client->applyArchiveRuleAsync([/* ... */]);
Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
Parameter Syntax
$result = $client->applyArchiveRule([
    'analyzerArn' => '<string>', // REQUIRED
    'clientToken' => '<string>',
    'ruleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
CreateAnalyzer
$result = $client->createAnalyzer([/* ... */]);
$promise = $client->createAnalyzerAsync([/* ... */]);
Creates an analyzer for your account.
Parameter Syntax
$result = $client->createAnalyzer([
    'analyzerName' => '<string>', // REQUIRED
    'archiveRules' => [
        [
            'filter' => [ // REQUIRED
                '<String>' => [
                    'contains' => ['<string>', ...],
                    'eq' => ['<string>', ...],
                    'exists' => true || false,
                    'neq' => ['<string>', ...],
                ],
                // ...
            ],
            'ruleName' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'clientToken' => '<string>',
    'tags' => ['<string>', ...],
    'type' => 'ACCOUNT|ORGANIZATION', // REQUIRED
]);
Parameter Details
Members
- analyzerName
-
- Required: Yes
- Type: string
The name of the analyzer to create.
- archiveRules
-
- Type: Array of InlineArchiveRule structures
Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
- clientToken
-
- Type: string
A client token.
- tags
-
- Type: Associative array of custom strings keys (String) to strings
The tags to apply to the analyzer.
- type
-
- Required: Yes
- Type: string
The type of analyzer to create. Only ACCOUNT analyzers are supported. You can create only one analyzer per account per Region.
Result Syntax
[
    'arn' => '<string>',
]
Result Details
Errors
-
A conflict exception error.
-
Validation exception error.
-
Internal server error.
-
ServiceQuotaExceededException:
Service quota met error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
CreateArchiveRule
$result = $client->createArchiveRule([/* ... */]);
$promise = $client->createArchiveRuleAsync([/* ... */]);
Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
Parameter Syntax
$result = $client->createArchiveRule([
    'analyzerName' => '<string>', // REQUIRED
    'clientToken' => '<string>',
    'filter' => [ // REQUIRED
        '<String>' => [
            'contains' => ['<string>', ...],
            'eq' => ['<string>', ...],
            'exists' => true || false,
            'neq' => ['<string>', ...],
        ],
        // ...
    ],
    'ruleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- analyzerName
-
- Required: Yes
- Type: string
The name of the created analyzer.
- clientToken
-
- Type: string
A client token.
- filter
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to Criterion structures
The criteria for the rule.
- ruleName
-
- Required: Yes
- Type: string
The name of the rule to create.
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
A conflict exception error.
-
Validation exception error.
-
Internal server error.
-
ServiceQuotaExceededException:
Service quota met error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
DeleteAnalyzer
$result = $client->deleteAnalyzer([/* ... */]);
$promise = $client->deleteAnalyzerAsync([/* ... */]);
Deletes the specified analyzer. When you delete an analyzer, Access Analyzer is disabled for the account in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
Parameter Syntax
$result = $client->deleteAnalyzer([
    'analyzerName' => '<string>', // REQUIRED
    'clientToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
DeleteArchiveRule
$result = $client->deleteArchiveRule([/* ... */]);
$promise = $client->deleteArchiveRuleAsync([/* ... */]);
Deletes the specified archive rule.
Parameter Syntax
$result = $client->deleteArchiveRule([
    'analyzerName' => '<string>', // REQUIRED
    'clientToken' => '<string>',
    'ruleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
GetAnalyzedResource
$result = $client->getAnalyzedResource([/* ... */]);
$promise = $client->getAnalyzedResourceAsync([/* ... */]);
Retrieves information about a resource that was analyzed.
Parameter Syntax
$result = $client->getAnalyzedResource([
    'analyzerArn' => '<string>', // REQUIRED
    'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
    'resource' => [
        'actions' => ['<string>', ...],
        'analyzedAt' => <DateTime>,
        'createdAt' => <DateTime>,
        'error' => '<string>',
        'isPublic' => true || false,
        'resourceArn' => '<string>',
        'resourceOwnerAccount' => '<string>',
        'resourceType' => 'AWS::S3::Bucket|AWS::IAM::Role|AWS::SQS::Queue|AWS::Lambda::Function|AWS::Lambda::LayerVersion|AWS::KMS::Key',
        'sharedVia' => ['<string>', ...],
        'status' => 'ACTIVE|ARCHIVED|RESOLVED',
        'updatedAt' => <DateTime>,
    ],
]
Result Details
Members
- resource
-
- Type: AnalyzedResource structure
An AnalyzedResource object that contains information that Access Analyzer found when it analyzed the resource.
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
GetAnalyzer
$result = $client->getAnalyzer([/* ... */]);
$promise = $client->getAnalyzerAsync([/* ... */]);
Retrieves information about the specified analyzer.
Parameter Syntax
$result = $client->getAnalyzer([
    'analyzerName' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
    'analyzer' => [
        'arn' => '<string>',
        'createdAt' => <DateTime>,
        'lastResourceAnalyzed' => '<string>',
        'lastResourceAnalyzedAt' => <DateTime>,
        'name' => '<string>',
        'status' => 'ACTIVE|CREATING|DISABLED|FAILED',
        'statusReason' => [
            'code' => 'AWS_SERVICE_ACCESS_DISABLED|DELEGATED_ADMINISTRATOR_DEREGISTERED|ORGANIZATION_DELETED|SERVICE_LINKED_ROLE_CREATION_FAILED',
        ],
        'tags' => ['<string>', ...],
        'type' => 'ACCOUNT|ORGANIZATION',
    ],
]
Result Details
Members
- analyzer
-
- Required: Yes
- Type: AnalyzerSummary structure
An AnalyzerSummary object that contains information about the analyzer.
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
GetArchiveRule
$result = $client->getArchiveRule([/* ... */]);
$promise = $client->getArchiveRuleAsync([/* ... */]);
Retrieves information about an archive rule.
To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
Parameter Syntax
$result = $client->getArchiveRule([
    'analyzerName' => '<string>', // REQUIRED
    'ruleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
    'archiveRule' => [
        'createdAt' => <DateTime>,
        'filter' => [
            '<String>' => [
                'contains' => ['<string>', ...],
                'eq' => ['<string>', ...],
                'exists' => true || false,
                'neq' => ['<string>', ...],
            ],
            // ...
        ],
        'ruleName' => '<string>',
        'updatedAt' => <DateTime>,
    ],
]
Result Details
Members
- archiveRule
-
- Required: Yes
- Type: ArchiveRuleSummary structure
Contains information about an archive rule.
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
GetFinding
$result = $client->getFinding([/* ... */]);
$promise = $client->getFindingAsync([/* ... */]);
Retrieves information about the specified finding.
Parameter Syntax
$result = $client->getFinding([
    'analyzerArn' => '<string>', // REQUIRED
    'id' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
    'finding' => [
        'action' => ['<string>', ...],
        'analyzedAt' => <DateTime>,
        'condition' => ['<string>', ...],
        'createdAt' => <DateTime>,
        'error' => '<string>',
        'id' => '<string>',
        'isPublic' => true || false,
        'principal' => ['<string>', ...],
        'resource' => '<string>',
        'resourceOwnerAccount' => '<string>',
        'resourceType' => 'AWS::S3::Bucket|AWS::IAM::Role|AWS::SQS::Queue|AWS::Lambda::Function|AWS::Lambda::LayerVersion|AWS::KMS::Key',
        'sources' => [
            [
                'detail' => [
                    'accessPointArn' => '<string>',
                ],
                'type' => 'POLICY|BUCKET_ACL|S3_ACCESS_POINT',
            ],
            // ...
        ],
        'status' => 'ACTIVE|ARCHIVED|RESOLVED',
        'updatedAt' => <DateTime>,
    ],
]
Result Details
Members
- finding
-
- Type: Finding structure
A finding object that contains finding details.
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
ListAnalyzedResources
$result = $client->listAnalyzedResources([/* ... */]);
$promise = $client->listAnalyzedResourcesAsync([/* ... */]);
Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.
Parameter Syntax
$result = $client->listAnalyzedResources([
    'analyzerArn' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceType' => 'AWS::S3::Bucket|AWS::IAM::Role|AWS::SQS::Queue|AWS::Lambda::Function|AWS::Lambda::LayerVersion|AWS::KMS::Key',
]);
Parameter Details
Members
- analyzerArn
-
- Required: Yes
- Type: string
The ARN of the analyzer to retrieve a list of analyzed resources from.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token used for pagination of results returned.
- resourceType
-
- Type: string
The type of resource.
Result Syntax
[
    'analyzedResources' => [
        [
            'resourceArn' => '<string>',
            'resourceOwnerAccount' => '<string>',
            'resourceType' => 'AWS::S3::Bucket|AWS::IAM::Role|AWS::SQS::Queue|AWS::Lambda::Function|AWS::Lambda::LayerVersion|AWS::KMS::Key',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- analyzedResources
-
- Required: Yes
- Type: Array of AnalyzedResourceSummary structures
A list of resources that were analyzed.
- nextToken
-
- Type: string
A token used for pagination of results returned.
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
ListAnalyzers
$result = $client->listAnalyzers([/* ... */]);
$promise = $client->listAnalyzersAsync([/* ... */]);
Retrieves a list of analyzers.
Parameter Syntax
$result = $client->listAnalyzers([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'type' => 'ACCOUNT|ORGANIZATION',
]);
Parameter Details
Members
Result Syntax
[
    'analyzers' => [
        [
            'arn' => '<string>',
            'createdAt' => <DateTime>,
            'lastResourceAnalyzed' => '<string>',
            'lastResourceAnalyzedAt' => <DateTime>,
            'name' => '<string>',
            'status' => 'ACTIVE|CREATING|DISABLED|FAILED',
            'statusReason' => [
                'code' => 'AWS_SERVICE_ACCESS_DISABLED|DELEGATED_ADMINISTRATOR_DEREGISTERED|ORGANIZATION_DELETED|SERVICE_LINKED_ROLE_CREATION_FAILED',
            ],
            'tags' => ['<string>', ...],
            'type' => 'ACCOUNT|ORGANIZATION',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- analyzers
-
- Required: Yes
- Type: Array of AnalyzerSummary structures
The analyzers retrieved.
- nextToken
-
- Type: string
A token used for pagination of results returned.
Errors
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
ListArchiveRules
$result = $client->listArchiveRules([/* ... */]);
$promise = $client->listArchiveRulesAsync([/* ... */]);
Retrieves a list of archive rules created for the specified analyzer.
Parameter Syntax
$result = $client->listArchiveRules([
    'analyzerName' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
    'archiveRules' => [
        [
            'createdAt' => <DateTime>,
            'filter' => [
                '<String>' => [
                    'contains' => ['<string>', ...],
                    'eq' => ['<string>', ...],
                    'exists' => true || false,
                    'neq' => ['<string>', ...],
                ],
                // ...
            ],
            'ruleName' => '<string>',
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- archiveRules
-
- Required: Yes
- Type: Array of ArchiveRuleSummary structures
A list of archive rules created for the specified analyzer.
- nextToken
-
- Type: string
A token used for pagination of results returned.
Errors
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
ListFindings
$result = $client->listFindings([/* ... */]);
$promise = $client->listFindingsAsync([/* ... */]);
Retrieves a list of findings generated by the specified analyzer.
To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
Parameter Syntax
$result = $client->listFindings([
    'analyzerArn' => '<string>', // REQUIRED
    'filter' => [
        '<String>' => [
            'contains' => ['<string>', ...],
            'eq' => ['<string>', ...],
            'exists' => true || false,
            'neq' => ['<string>', ...],
        ],
        // ...
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'sort' => [
        'attributeName' => '<string>',
        'orderBy' => 'ASC|DESC',
    ],
]);
Parameter Details
Members
- analyzerArn
-
- Required: Yes
- Type: string
The ARN of the analyzer to retrieve findings from.
- filter
-
- Type: Associative array of custom strings keys (String) to Criterion structures
A filter to match for the findings to return.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token used for pagination of results returned.
- sort
-
- Type: SortCriteria structure
The sort order for the findings returned.
Result Syntax
[
    'findings' => [
        [
            'action' => ['<string>', ...],
            'analyzedAt' => <DateTime>,
            'condition' => ['<string>', ...],
            'createdAt' => <DateTime>,
            'error' => '<string>',
            'id' => '<string>',
            'isPublic' => true || false,
            'principal' => ['<string>', ...],
            'resource' => '<string>',
            'resourceOwnerAccount' => '<string>',
            'resourceType' => 'AWS::S3::Bucket|AWS::IAM::Role|AWS::SQS::Queue|AWS::Lambda::Function|AWS::Lambda::LayerVersion|AWS::KMS::Key',
            'sources' => [
                [
                    'detail' => [
                        'accessPointArn' => '<string>',
                    ],
                    'type' => 'POLICY|BUCKET_ACL|S3_ACCESS_POINT',
                ],
                // ...
            ],
            'status' => 'ACTIVE|ARCHIVED|RESOLVED',
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- findings
-
- Required: Yes
- Type: Array of FindingSummary structures
A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
- nextToken
-
- Type: string
A token used for pagination of results returned.
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
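The following added example (not part of the SDK documentation) pages through ListFindings with nextToken and buckets the active findings for triage, treating the optional members isPublic, error, principal, resource and action as possibly absent. The analyzer ARN, the sample findings and the use of status as a filter key (taken from the Access Analyzer filter keys in the IAM User Guide) are assumptions; Aws\MockHandler stands in for the service so the script runs offline with the SDK installed.

```php
<?php
// Added example, not from the SDK documentation: page through ListFindings and
// bucket the ACTIVE findings for triage. All ARNs, IDs and findings are constructed.
require 'vendor/autoload.php';

use Aws\AccessAnalyzer\AccessAnalyzerClient;
use Aws\MockHandler;
use Aws\Result;

/** Collect every ACTIVE finding, following nextToken until none is returned. */
function fetchActiveFindings(AccessAnalyzerClient $client, string $analyzerArn): array
{
    $params = [
        'analyzerArn' => $analyzerArn,
        // Server-side filter. "status" as a filter key is an assumption taken
        // from the Access Analyzer filter keys in the IAM User Guide.
        'filter' => ['status' => ['eq' => ['ACTIVE']]],
    ];
    $findings = [];
    do {
        $result = $client->listFindings($params);
        foreach ($result->get('findings') ?? [] as $finding) {
            $findings[] = $finding;
        }
        $token = $result->get('nextToken');
        if ($token !== null) {
            $params['nextToken'] = $token; // request the next page
        }
    } while ($token !== null);

    return $findings;
}

/**
 * Split findings into "error" (analysis failed, so access is unknown),
 * "public" (isPublic is true) and "external" (everything else).
 */
function triageFindings(array $findings): array
{
    $buckets = ['public' => [], 'error' => [], 'external' => []];
    foreach ($findings as $f) {
        $row = [
            'id'        => $f['id'],
            'type'      => $f['resourceType'],
            'resource'  => $f['resource'] ?? '(not reported)',
            'principal' => $f['principal'] ?? [],
            'action'    => $f['action'] ?? [],
        ];
        if (!empty($f['error'])) {
            $buckets['error'][] = $row + ['error' => $f['error']];
        } elseif (($f['isPublic'] ?? false) === true) {
            $buckets['public'][] = $row;
        } else {
            $buckets['external'][] = $row;
        }
    }
    return $buckets;
}

// Constructed responses in two pages, so the nextToken loop is exercised offline.
// Timestamps are omitted because the triage code does not read them.
$mock = new MockHandler();
$mock->append(new Result([
    'findings' => [[
        'id' => 'constructed-finding-1',
        'resource' => 'arn:aws:s3:::example-constructed-bucket',
        'resourceType' => 'AWS::S3::Bucket',
        'resourceOwnerAccount' => '111111111111',
        'isPublic' => true,
        'principal' => ['AWS' => '*'],
        'action' => ['s3:GetObject'],
        'status' => 'ACTIVE',
    ]],
    'nextToken' => 'constructed-token',
]));
$mock->append(new Result([
    'findings' => [[
        'id' => 'constructed-finding-2',
        'resource' => 'arn:aws:iam::111111111111:role/example-constructed-role',
        'resourceType' => 'AWS::IAM::Role',
        'resourceOwnerAccount' => '111111111111',
        'isPublic' => false,
        'principal' => ['AWS' => '222222222222'],
        'action' => ['sts:AssumeRole'],
        'status' => 'ACTIVE',
    ], [
        'id' => 'constructed-finding-3',
        'resourceType' => 'AWS::KMS::Key',
        'resourceOwnerAccount' => '111111111111',
        'error' => 'CONSTRUCTED_ERROR',
        'status' => 'ACTIVE',
    ]],
]));

$client = new AccessAnalyzerClient([
    'region'      => 'us-east-1',
    'version'     => '2019-11-01',
    'credentials' => ['key' => 'constructed', 'secret' => 'constructed'],
    'handler'     => $mock, // remove this line to call the real service
]);

$arn = 'arn:aws:access-analyzer:us-east-1:111111111111:analyzer/example-constructed';
foreach (triageFindings(fetchActiveFindings($client, $arn)) as $bucket => $rows) {
    printf("%s (%d)\n", $bucket, count($rows));
    foreach ($rows as $row) {
        printf("  %s %s %s\n", $row['id'], $row['resource'], json_encode($row['principal']));
    }
}
```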
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);
Retrieves a list of tags applied to the specified resource.
Parameter Syntax
$result = $client->listTagsForResource([
    'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
    'tags' => ['<string>', ...],
]
Result Details
Members
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
StartResourceScan
$result = $client->startResourceScan([/* ... */]);
$promise = $client->startResourceScanAsync([/* ... */]);
Immediately starts a scan of the policies applied to the specified resource.
Parameter Syntax
$result = $client->startResourceScan([
    'analyzerArn' => '<string>', // REQUIRED
    'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
TagResource
$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);
Adds a tag to the specified resource.
Parameter Syntax
$result = $client->tagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
UntagResource
$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);
Removes a tag from the specified resource.
Parameter Syntax
$result = $client->untagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
UpdateArchiveRule
$result = $client->updateArchiveRule([/* ... */]);
$promise = $client->updateArchiveRuleAsync([/* ... */]);
Updates the criteria and values for the specified archive rule.
Parameter Syntax
$result = $client->updateArchiveRule([
    'analyzerName' => '<string>', // REQUIRED
    'clientToken' => '<string>',
    'filter' => [ // REQUIRED
        '<String>' => [
            'contains' => ['<string>', ...],
            'eq' => ['<string>', ...],
            'exists' => true || false,
            'neq' => ['<string>', ...],
        ],
        // ...
    ],
    'ruleName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- analyzerName
-
- Required: Yes
- Type: string
The name of the analyzer to update the archive rules for.
- clientToken
-
- Type: string
A client token.
- filter
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to Criterion structures
A filter to match for the rules to update. Only rules that match the filter are updated.
- ruleName
-
- Required: Yes
- Type: string
The name of the rule to update.
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
UpdateFindings
$result = $client->updateFindings([/* ... */]);
$promise = $client->updateFindingsAsync([/* ... */]);
Updates the status for the specified findings.
Parameter Syntax
$result = $client->updateFindings([
    'analyzerArn' => '<string>', // REQUIRED
    'clientToken' => '<string>',
    'ids' => ['<string>', ...],
    'resourceArn' => '<string>',
    'status' => 'ACTIVE|ARCHIVED', // REQUIRED
]);
Parameter Details
Members
- analyzerArn
-
- Required: Yes
- Type: string
The ARN of the analyzer that generated the findings to update.
- clientToken
-
- Type: string
A client token.
- ids
-
- Type: Array of strings
The IDs of the findings to update.
- resourceArn
-
- Type: string
The ARN of the resource identified in the finding.
- status
-
- Required: Yes
- Type: string
The state represents the action to take to update the finding Status. Use ARCHIVE to change an Active finding to an Archived finding. Use ACTIVE to change an Archived finding to an Active finding.
Result Syntax
[]
Result Details
Errors
-
The specified resource could not be found.
-
Validation exception error.
-
Internal server error.
-
Throttling limit exceeded error.
-
You do not have sufficient access to perform this action.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
AnalyzedResource
Description
Contains details about the analyzed resource.
Members
- actions
-
- Type: Array of strings
The actions that an external principal is granted permission to use by the policy that generated the finding.
- analyzedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the resource was analyzed.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the finding was created.
- error
-
- Type: string
An error message.
- isPublic
-
- Required: Yes
- Type: boolean
Indicates whether the policy that generated the finding grants public access to the resource.
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the resource that was analyzed.
- resourceOwnerAccount
-
- Required: Yes
- Type: string
The AWS account ID that owns the resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the resource that was analyzed.
- sharedVia
-
- Type: Array of strings
Indicates how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
- status
-
- Type: string
The current status of the finding generated from the analyzed resource.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the finding was updated.
AnalyzedResourceSummary
Description
Contains the ARN of the analyzed resource.
Members
AnalyzerSummary
Description
Contains information about the analyzer.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the analyzer.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp for the time at which the analyzer was created.
- lastResourceAnalyzed
-
- Type: string
The resource that was most recently analyzed by the analyzer.
- lastResourceAnalyzedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the most recently analyzed resource was analyzed.
- name
-
- Required: Yes
- Type: string
The name of the analyzer.
- status
-
- Required: Yes
- Type: string
The status of the analyzer. An Active analyzer successfully monitors supported resources and generates new findings. The analyzer is Disabled when a user action, such as removing trusted access for IAM Access Analyzer from AWS Organizations, causes the analyzer to stop generating new findings. The status is Creating when the analyzer creation is in progress and Failed when the analyzer creation has failed.
- statusReason
-
- Type: StatusReason structure
The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is displayed. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
- tags
-
- Type: Associative array of custom strings keys (String) to strings
The tags added to the analyzer.
- type
-
- Required: Yes
- Type: string
The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.
ArchiveRuleSummary
Description
Contains information about an archive rule.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the archive rule was created.
- filter
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to Criterion structures
A filter used to define the archive rule.
- ruleName
-
- Required: Yes
- Type: string
The name of the archive rule.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the archive rule was last updated.
ConflictException
Description
A conflict exception error.
Members
Criterion
Description
The criteria to use in the filter that defines the archive rule.
Members
- contains
-
- Type: Array of strings
A "contains" operator to match for the filter used to create the rule.
- eq
-
- Type: Array of strings
An "equals" operator to match for the filter used to create the rule.
- exists
-
- Type: boolean
An "exists" operator to match for the filter used to create the rule.
- neq
-
- Type: Array of strings
A "not equals" operator to match for the filter used to create the rule.
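Because an archive rule automatically archives every finding that meets its criteria, a broad filter can hide real exposure. The following added example (not part of the SDK documentation) lists an analyzer's archive rules and flags Criterion structures that look too permissive; the heuristic itself, the analyzer name, the sample rules and the filter keys isPublic, principal.AWS, resourceType and resource (from the Access Analyzer filter keys in the IAM User Guide) are assumptions.

```php
<?php
// Added example, not from the SDK documentation: review archive rules for
// filters broad enough to hide exposure. All rules and names are constructed.
require 'vendor/autoload.php';

use Aws\AccessAnalyzer\AccessAnalyzerClient;
use Aws\MockHandler;
use Aws\Result;

/** Collect every archive rule of an analyzer, following nextToken. */
function fetchArchiveRules(AccessAnalyzerClient $client, string $analyzerName): array
{
    $params = ['analyzerName' => $analyzerName];
    $rules = [];
    do {
        $result = $client->listArchiveRules($params);
        $rules = array_merge($rules, $result->get('archiveRules') ?? []);
        $token = $result->get('nextToken');
        if ($token !== null) {
            $params['nextToken'] = $token;
        }
    } while ($token !== null);
    return $rules;
}

/**
 * Return warnings for one ArchiveRuleSummary. Heuristic (an assumption of this
 * example): a rule should either exclude public findings explicitly or pin the
 * principal to named values, and should avoid open-ended operators.
 */
function auditArchiveRule(array $rule): array
{
    $filter = $rule['filter'];
    $warnings = [];

    // Criterion values are strings, so "false" is compared as a string.
    $excludesPublic = ($filter['isPublic']['eq'] ?? null) === ['false'];

    $pinsPrincipal = false;
    foreach ($filter as $key => $criterion) {
        $values = $criterion['eq'] ?? [];
        if (strpos($key, 'principal.') === 0 && $values !== [] && !in_array('*', $values, true)) {
            $pinsPrincipal = true;
        }
    }
    if (!$excludesPublic && !$pinsPrincipal) {
        $warnings[] = 'no isPublic eq false and no named principal: may archive public findings';
    }

    // contains / neq / exists match values that nobody enumerated in the rule.
    foreach ($filter as $key => $criterion) {
        foreach (['contains', 'neq', 'exists'] as $operator) {
            if (array_key_exists($operator, $criterion)) {
                $warnings[] = sprintf('%s uses open-ended operator "%s"', $key, $operator);
            }
        }
    }
    return $warnings;
}

// Constructed ListArchiveRules response (timestamps omitted, not read here).
$mock = new MockHandler();
$mock->append(new Result([
    'archiveRules' => [
        [
            'ruleName' => 'TrustedPartnerAccount',
            'filter' => [
                'principal.AWS' => ['eq' => ['222222222222']],
                'isPublic'      => ['eq' => ['false']],
            ],
        ],
        [
            'ruleName' => 'AllBuckets',
            'filter' => ['resourceType' => ['eq' => ['AWS::S3::Bucket']]],
        ],
        [
            'ruleName' => 'LogResources',
            'filter' => [
                'resource' => ['contains' => ['logs']],
                'isPublic' => ['eq' => ['false']],
            ],
        ],
    ],
]));

$client = new AccessAnalyzerClient([
    'region'      => 'us-east-1',
    'version'     => '2019-11-01',
    'credentials' => ['key' => 'constructed', 'secret' => 'constructed'],
    'handler'     => $mock, // remove this line to call the real service
]);

foreach (fetchArchiveRules($client, 'example-constructed') as $rule) {
    $warnings = auditArchiveRule($rule);
    printf("%s: %s\n", $rule['ruleName'], $warnings === [] ? 'ok' : implode('; ', $warnings));
}
```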
Finding
Description
Contains information about a finding.
Members
- action
-
- Type: Array of strings
The action in the analyzed policy statement that an external principal has permission to use.
- analyzedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the resource was analyzed.
- condition
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to strings
The condition in the analyzed policy statement that resulted in a finding.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the finding was generated.
- error
-
- Type: string
An error.
- id
-
- Required: Yes
- Type: string
The ID of the finding.
- isPublic
-
- Type: boolean
Indicates whether the policy that generated the finding allows public access to the resource.
- principal
-
- Type: Associative array of custom strings keys (String) to strings
The external principal that has access to a resource within the zone of trust.
- resource
-
- Type: string
The resource that an external principal has access to.
- resourceOwnerAccount
-
- Required: Yes
- Type: string
The AWS account ID that owns the resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the resource reported in the finding.
- sources
-
- Type: Array of FindingSource structures
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
- status
-
- Required: Yes
- Type: string
The current status of the finding.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the finding was updated.
FindingSource
Description
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
Members
- detail
-
- Type: FindingSourceDetail structure
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
- type
-
- Required: Yes
- Type: string
Indicates the type of access that generated the finding.
FindingSourceDetail
Description
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
Members
FindingSummary
Description
Contains information about a finding.
Members
- action
-
- Type: Array of strings
The action in the analyzed policy statement that an external principal has permission to use.
- analyzedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the resource-based policy that generated the finding was analyzed.
- condition
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to strings
The condition in the analyzed policy statement that resulted in a finding.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the finding was created.
- error
-
- Type: string
The error that resulted in an Error finding.
- id
-
- Required: Yes
- Type: string
The ID of the finding.
- isPublic
-
- Type: boolean
Indicates whether the finding reports a resource that has a policy that allows public access.
- principal
-
- Type: Associative array of custom strings keys (String) to strings
The external principal that has access to a resource within the zone of trust.
- resource
-
- Type: string
The resource that the external principal has access to.
- resourceOwnerAccount
-
- Required: Yes
- Type: string
The AWS account ID that owns the resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the resource that the external principal has access to.
- sources
-
- Type: Array of FindingSource structures
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
- status
-
- Required: Yes
- Type: string
The status of the finding.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the finding was most recently updated.
InlineArchiveRule
Description
A criterion statement in an archive rule. Each archive rule may have multiple criteria.
Members
- filter
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to Criterion structures
The condition and values for a criterion.
- ruleName
-
- Required: Yes
- Type: string
The name of the rule.
InternalServerException
Description
Internal server error.
Members
ResourceNotFoundException
Description
The specified resource could not be found.
Members
ServiceQuotaExceededException
Description
Service quota met error.
Members
SortCriteria
Description
The criteria used to sort.
Members
StatusReason
Description
Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is displayed. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
Members
ThrottlingException
Description
Throttling limit exceeded error.
Members
ValidationException
Description
Validation exception error.
Members
- fieldList
-
- Type: Array of ValidationExceptionField structures
A list of fields that didn't validate.
- message
-
- Required: Yes
- Type: string
- reason
-
- Required: Yes
- Type: string
The reason for the exception.